User Guide Cancel

Enable automatic account creation

  1. Adobe Enterprise & Teams: Administration guide
  2. Plan your deployment
    1. Basic concepts
      1. Licensing
      2. Identity
      3. User management
      4. App deployment
      5. Admin Console overview
      6. Admin roles
    2. Deployment Guides
      1. Named User deployment guide
      2. SDL deployment guide
      3. Deploy Adobe Acrobat 
    3. Deploy Creative Cloud for education
      1. Deployment home
      2. K-12 Onboarding Wizard
      3. Simple setup
      4. Syncing Users
      5. Roster Sync K-12 (US)
      6. Key licensing concepts
      7. Deployment options
      8. Quick tips
      9. Approve Adobe apps in Google Admin Console
      10. Enable Adobe Express in Google Classroom
      11. Integration with Canvas LMS
      12. Integration with Blackboard Learn
      13. Configuring SSO for District Portals and LMSs
      14. Add users through Roster Sync
      15. Kivuto FAQ
      16. Primary and Secondary institution eligibility guidelines
  3. Set up your organization
    1. Identity types | Overview
    2. Set up identity | Overview
    3. Set up organization with Enterprise ID
    4. Setup Azure AD federation and sync
      1. Set up SSO with Microsoft via Azure OIDC
      2. Add Azure Sync to your directory
      3. Role sync for Education
      4. Azure Connector FAQ
    5. Set up Google Federation and sync
      1. Set up SSO with Google Federation
      2. Add Google Sync to your directory
      3. Google federation FAQ
    6. Set up organization with Microsoft ADFS
    7. Set up organization for District Portals and LMS
    8. Set up organization with other Identity providers
      1. Create a directory
      2. Verify ownership of a domain
      3. Add domains to directories
    9. SSO common questions and troubleshooting
      1. SSO Common questions
      2. SSO Troubleshooting
      3. Education common questions
  4. Manage your organization setup
    1. Manage existing domains and directories
    2. Enable automatic account creation
    3. Set up organization via directory trust
    4. Migrate to a new authentication provider 
    5. Asset settings
    6. Authentication settings
    7. Privacy and security contacts
    8. Console settings
    9. Manage encryption  
  5. Manage users
    1. Overview
    2. Administrative roles
    3. User management strategies
      1. Manage users individually   
      2. Manage multiple users (Bulk CSV)
      3. User Sync tool (UST)
      4. Microsoft Azure Sync
      5. Google Federation Sync
    4. Assign licenses to a Teams user
    5. In-app user management for teams
      1. Manage your team in Adobe Express
      2. Manage your team in Adobe Acrobat
    6. Add users with matching email domains
    7. Change user's identity type
    8. Manage user groups
    9. Manage directory users
    10. Manage developers
    11. Migrate existing users to the Adobe Admin Console
    12. Migrate user management to the Adobe Admin Console
  6. Manage products and entitlements
    1. Manage products and product profiles
      1. Manage products
      2. Buy products and licenses
      3. Manage product profiles for enterprise users
      4. Manage automatic assignment rules
      5. Entitle users to train Firefly custom models
      6. Review product requests
      7. Manage self-service policies
      8. Manage app integrations
      9. Manage product permissions in the Admin Console  
      10. Enable/disable services for a product profile
      11. Single App | Creative Cloud for enterprise
      12. Optional services
    2. Manage Shared Device licenses
      1. What's new
      2. Deployment guide
      3. Create packages
      4. Recover licenses
      5. Manage profiles
      6. Licensing toolkit
      7. Shared Device Licensing FAQ
  7. Get started with Global Admin Console
    1. Adopt global administration
    2. Select your organization
    3. Manage organization hierarchy
    4. Manage product profiles
    5. Manage administrators
    6. Manage user groups
    7. Update organization policies
    8. Manage policy templates
    9. Allocate products to child organizations
    10. Execute pending jobs
    11. Explore insights
    12. Export or import organization structure
  8. Manage storage and assets
    1. Storage
      1. Manage enterprise storage
      2. Adobe Creative Cloud: Update to storage
      3. Manage Adobe storage
    2. Asset migration
      1. Automated Asset Migration
      2. Automated Asset Migration FAQ  
      3. Manage transferred assets
    3. Reclaim assets from a user
    4. Student asset migration | EDU only
      1. Automatic student asset migration
      2. Migrate your assets
  9. Manage services
    1. Adobe Stock
      1. Adobe Stock credit packs for teams
      2. Adobe Stock for enterprise
      3. Use Adobe Stock for enterprise
      4. Adobe Stock License Approval
    2. Custom fonts
    3. Adobe Asset Link
      1. Overview
      2. Create user group
      3. Configure Adobe Experience Manager Assets
      4. Configure and install Adobe Asset Link
      5. Manage assets
      6. Adobe Asset Link for XD
    4. Adobe Acrobat Sign
      1. Set up Adobe Acrobat Sign for enterprise or teams
      2. Adobe Acrobat Sign - Team feature Administrator
      3. Manage Adobe Acrobat Sign on the Admin Console
    5. Creative Cloud for enterprise - free membership
      1. Overview
  10. Deploy apps and updates
    1. Overview
      1. Deploy and deliver apps and updates
      2. Plan to deploy
      3. Prepare to deploy
    2. Create packages
      1. Package apps via the Admin Console
      2. Create Named User Licensing Packages
      3. Manage pre-generated packages
        1. Manage Adobe templates
        2. Manage Single-app packages
      4. Manage packages
      5. Manage device licenses
      6. Serial number licensing
    3. Customize packages
      1. Customize the Creative Cloud desktop app
      2. Include extensions in your package
    4. Deploy Packages 
      1. Deploy packages
      2. Deploy Adobe packages using Microsoft Intune
      3. Deploy Adobe packages with SCCM
      4. Deploy Adobe packages with ARD
      5. Install products in the Exceptions folder
      6. Uninstall Creative Cloud products
      7. Use Adobe provisioning toolkit enterprise edition
    5. Manage updates
      1. Change management for Adobe enterprise and teams customers
      2. Deploy updates
    6. Adobe Update Server Setup Tool (AUSST)
      1. AUSST Overview
      2. Set up the internal update server
      3. Maintain the internal update server
      4. Common use cases of AUSST   
      5. Troubleshoot the internal update server
    7. Adobe Remote Update Manager (RUM)
      1. Release notes
      2. Use Adobe Remote Update Manager
    8. Troubleshoot
      1. Troubleshoot Creative Cloud apps installation and uninstallation errors
      2. Query client machines to check if a package is deployed
  11. Manage your Teams account
    1. Overview
    2. Update payment details
    3. Manage invoices
    4. Change contract owner
    5. Change your plan
    6. Change reseller
    7. Cancel your plan
    8. Purchase Request compliance
  12. Renewals
    1. Teams membership: Renewals
    2. Enterprise in VIP: Renewals and compliance
  13. Manage contracts
    1. Automated expiration stages for ETLA contracts
    2. Switching contract types within an existing Adobe Admin Console
    3. Value Incentive Plan (VIP) in China
    4. VIP Select help
  14. Reports & logs
    1. Audit Log
    2. Assignment reports
    3. Content Logs
  15. Get help
    1. Contact Adobe Customer Care
    2. Support options for teams accounts
    3. Support options for enterprise accounts
    4. Support options for Experience Cloud

System Administrators can enable users to automatically create a federated account with the organization.

  To enable automatic account creation for an existing directory, sign in to the Adobe Admin Console, navigate to Settings, select a directory, and then select Authentication > Edit.

Automatic Account Creation

Note:

This feature is only available to Adobe enterprise customers who have set up one or more federated directories in the Admin Console.


Overview

Automatic account creation allows users without a federated account to automatically create one with their organization based on a verified email domain. When enabled for a federated directory, new users with a valid email domain of that directory will be able to create a federated account. Learn more about federated accounts.

Adobe strongly recommends you enable automatic account creation for the following benefits:

  • Federated users can participate in sharing and collaboration flows with their org-owned account versus a personal account using an org-owned domain.
  • Federated users can sign in securely via single sign-on.
  • Automation speeds up the process of setting up users in your directory with little or no involvement from the administrator.
  • Administrators can control the federated users' product licenses, cloud-stored assets, and sharing restrictions.

You can set up automatic assignment rules that assign products automatically to eligible users in your organization (or specified domains and directories) and enable product requests that allow end users to request access to products for administrator review.

User experience

When a user enters their email address to create an account, they are given a choice to create an account with their organization if the email address entered meets the following criteria:

  • Has a valid email domain from the federated directory
  • Is not associated with an existing Adobe account
Create an account screen displaying the Sign in button under the Email address field
Sign in with SSO to create an account with your organization.

The user should select Sign in under the Email address field and successfully authenticate with their organization’s single sign-on to complete the account creation. This triggers the flow of information from the identity provider to the Admin Console so that federated Adobe accounts are created automatically within the identified federated directory based on the user’s domain.

User accounts created through automatic account creation indicate the creation source in the User Details. Administrators can manage the accounts of any users added through automatic account creation, including removing them from the Users and Directory Users lists as needed. Administrators' actions are captured in the Audit Log report.


Enable or disable automatic account creation

System Administrators can enable or disable automatic account creation per identity provider within each federated directory, allowing eligible users to get a federated account without any other action from an administrator.

The feature must be enabled by an administrator for an existing federated directory, while it is enabled by default for all new federated directories created in your Admin Console. Here's how you can edit existing directories to enable automatic account creation:

Note:

You can only enable automatic account creation for the federated domains that your organization owns and has claimed. Trustees of your federated directories cannot enable or disable automatic account creation.

  1. Sign in to the Admin Console and navigate to Settings > Identity.
  2. Select an active federated directory by clicking the name of the directory, then navigate to Authentication.

  3. Select Edit to enable or disable automatic account creation.

    IdP card displaying the option to edit the configuration settings
    Edit identity provider configuration settings.

  4. Navigate to step 2 in the Edit auto-account creation wizard.

  5. Use the toggle to enable or disable automatic account creation for the identity provider.

    If you disable automatic account creation for an identity provider, new users in your organization who have valid accounts with domains of that identity provider will no longer be able to create a federated account automatically. However, users who have already created a federated account will retain access to their account.

    Edit auto-account creation wizard with the toggle enabled for auto-account creation
    Use the toggle to enable auto-account creation for the IdP.

  6. Select a default country from the dropdown menu in the Attribute mappings section.

    The identity provider configuration with the Adobe Admin Console is created and owned by an organization and linked to the directory via federation. Adobe reads the first name, last name, email, and country to create accounts with appropriate attributes. Email is the only required attribute for account creation and all others are optional, though Adobe recommends including all attributes to distinguish users in the Admin console.

    Adobe reads the following default values for user attributions from the federation token:

      SAML Azure OIDC OIDC
    First name FirstName given_name given_name
    Last name LastName family_name family_name
    Email Email email email
    Country CountryCode ctry address.country

     

    The value mapped to the country field is populated in the user’s profile if shared from the organization’s directory. If no value is provided or the provided value isn't an Adobe-supported country, accounts will get provisioned without a country set by default. You also have the option to specify a default country that will get set on the user's profile in such cases instead. Learn more about federated directory setup.

  7. You can also choose to update user information in Admin Console when users log in.

    User attribute information can change in your directory after a federated Adobe account is created. You have the option to update user data in Adobe at sign-in by choosing the best option for your organization. The following options are available:

    Don't update

    User attribute information is not updated on user sign-in (default option).

    Always update

    User attribute information is always updated on user sign-in.

    Update when not empty

    Only non-empty user attribute information is updated on user sign-in. For example, if a user signs in and the organization’s directory shares an updated last name and no first name, only the last name will be updated to match the revised value and the first name will be preserved as the value already stored in the user’s Adobe account.

  8. Select Done.

    Note:

    If an identity provider (IdP) or its parent directory is no longer active, automatic account creation is automatically disabled for the IdP. This change in status does not impact other IdPs within the federated directory, allowing automatic account creation to remain enabled with other active IdPs as needed.


Frequently asked questions

Where can users find the option to automatically create a federated account with my organization?

Users who don't already have an Adobe account will get the option to sign in with their SSO and auto-create a federated account when creating an account on the Adobe sign-in screen. 

What benefits are available to users who automatically create an account with my organization?

Once a user has an account with their organization, that user can participate in collaboration and share workflows with other team members, as well as request access to products from their organization based on how the administrators have configured the automatic assignment rule and product request features.

What if I want to allow users to create other types of Adobe accounts automatically with my organization? 

Currently, only federated accounts can be created automatically. A future phase of Zero Touch Administration will allow users to create other types of Adobe accounts with their organizations. 

Can users who are not using a domain that my organization has claimed still have an account automatically created?

Only users who have an organization-provided account whose domain falls within the federated directory enabled for automatic account creation can create a federated account on-demand. The user must be able to successfully authenticate via single sign-on for account creation to be completed.

Does account creation automatically provide any product licenses to the user?

Automatic account creation only creates a new federated account for a user and does not automatically assign product licenses. A user can request access to Adobe products from their organization once they are a member based on how the administrators have configured the automatic assignment rule and product request features.

How do I remove a user from my Admin Console who automatically created their account?

Users who created a federated account on-demand can be removed from the organization by a System or User Administrator via the User List. Removing the user from the Directory User List will permanently delete their account and all license access.

Can users automatically create an account in a federated directory that has Azure or Google Sync configured?

A user can create an on-demand federated account in a directory where Azure or Google Sync has been configured. Once created, the user is under sync management, meaning their account cannot be edited via the Admin Console unless the sync is temporarily paused. If the user is added to the automated sync scope, their user information will be updated in their Adobe profile via the directory attribute mapping.

Will a user who already has a personal Adobe account under a domain my organization owns be presented with the option to create a new federated account under the same email address at sign-in?

Only users who are creating an account with their organization-owned domain will be offered the option to create a federated account on-demand. If a user is already using their org-owned email domain for personal use, they can choose to change the email address associated with the account, allowing them to create a federated account on-demand with their org-owned email domain.

 Adobe

Get help faster and easier

New user?